Unusually many NAT connections (Windows 7)
19.01.2012, 21:01 | #1
Hello,

The laptop in question opens an unusually large number of NAT connections. I noticed this when, after a certain amount of browsing time, the router's error log (Zyxel P-660HN-F1Z) showed the message "192.168.x.x 192.168.x.x exceeds the max. number of session per host!" and browsing became unbearable (also many dropped connections / connection problems). The NAT table of my router was set by default to 1024 connections per IP. I raised that to 2048. When the problem reappeared after a while, I raised it to 3072. Rather than tinkering with the router, I would prefer to hear from you why my laptop opens such an unusually large number of connections. (No, no file-sharing programs are running!) A virus scan with Avira AntiVir and Microsoft Security Essentials found nothing.

Code:
ATTFilter OTL logfile created on: 19.01.2012 19:26:16 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Naractis\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 65.32% Memory free 5.93 Gb Paging File | 4.62 Gb Available in Paging File | 77.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452.69 Gb Total Space | 246.00 Gb Free Space | 54.34% Space Free | Partition Type: NTFS Drive D: | 13.06 Gb Total Space | 2.03 Gb Free Space | 15.54% Space Free | Partition Type: NTFS Computer Name: NARACTISBOOK | User Name: Naractis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.19 19:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe PRC - [2011.11.08 15:52:48 | 000,376,704 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\spd.exe PRC - [2011.11.08 15:52:44 | 001,219,456 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\cfosspeed.exe PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Naractis\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.07.01 14:01:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.05.01 09:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.03 20:02:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
-- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2009.12.01 12:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2009.09.16 16:42:30 | 000,210,216 | ---- | M] (CyberLink) -- c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009.08.21 10:07:14 | 000,100,408 | ---- | M] (Hewlett-Packard ) -- C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe PRC - [2009.07.21 09:34:52 | 000,567,864 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2009.07.21 01:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.07.21 01:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.03.01 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.09.16 09:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.09.16 16:42:28 | 000,931,112 | ---- | M] () -- c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.07.21 09:34:52 | 000,567,864 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe MOD - [2008.05.07 21:33:46 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\ccme_base.dll MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.26 17:14:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.11.08 15:52:48 | 000,376,704 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS) SRV - [2011.07.01 14:01:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.05.01 09:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService) SRV - [2010.07.18 22:47:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.22 17:29:18 | 000,390,472 | ---- | M] (gogo6, Inc.) [On_Demand | Stopped] -- C:\Programme\gogo6\gogoCLIENT\gogoc.exe -- (gogoc) SRV - [2009.12.01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009.07.21 01:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.01 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters) SRV - [2008.09.16 09:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2007.05.31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2011.11.08 15:52:52 | 000,972,160 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6) DRV - [2011.07.01 14:01:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 14:01:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2011.02.18 07:20:22 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.07.23 17:46:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.15 15:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2010.06.15 15:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.03.22 17:29:10 | 000,021,064 | ---- | M] (gogo6 Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gogotun.sys -- (gogoTunnelDevice) DRV - [2010.02.22 16:23:46 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/07/24 16:03:51] [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2010.01.13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R) DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.08.05 21:59:30 | 000,750,592 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u) DRV - [2009.07.26 21:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd) DRV - [2009.07.21 01:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.05.22 07:32:56 | 000,284,928 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.03.06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf) DRV - [2008.10.22 16:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.09.16 09:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.09.04 00:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 46 98 B3 E1 D1 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.80 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Naractis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.08.15 08:09:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 10:01:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.14 12:48:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 12:48:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.08.15 08:09:50 | 000,000,000 | ---D | M] [2010.07.18 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naractis\AppData\Roaming\mozilla\Extensions [2012.01.15 21:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naractis\AppData\Roaming\mozilla\Firefox\Profiles\gprpat5c.default\extensions [2010.07.18 22:56:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naractis\AppData\Roaming\mozilla\Firefox\Profiles\gprpat5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.05.21 02:17:18 | 000,001,632 | ---- | M] () -- C:\Users\Naractis\AppData\Roaming\Mozilla\Firefox\Profiles\gprpat5c.default\searchplugins\live-search.xml [2012.01.14 12:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.02 05:13:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} () 
(No name found) -- C:\USERS\NARACTIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPRPAT5C.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\NARACTIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPRPAT5C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: \Auf gut Gl\u00FCck\-Schnellsuche (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&meta=lr%3Dlang_de&btnI=I%27m+Feeling+Lucky CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 
(Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Google Update (Enabled) = C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll CHR - plugin: 
Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Speed Dial = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\ CHR - Extension: AdBlock = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\ CHR - Extension: FastestChrome - Browse Faster = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.9.6_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.11.26 17:06:06 | 000,001,392 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - 
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [HPToneControl] C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard ) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - Startup: C:\Users\Naractis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Naractis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.39 194.230.1.103 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA745F0-1068-417F-8401-7ACC5D7A3829}: DhcpNameServer = 194.230.1.39 194.230.1.103 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60038E5B-62F8-4476-A978-605E47B5FE35}: DhcpNameServer = 138.188.101.186 138.188.101.189 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED028D9-9E09-4765-83F4-E0547C591A86}: NameServer = 192.168.0.1,192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - 
C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.19 19:22:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe [2012.01.19 19:06:34 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Naractis\Desktop\aswMBR.exe [2012.01.15 13:07:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.01.14 19:33:07 | 000,750,592 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\Dnetr28u.sys [2012.01.14 19:33:07 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) 
-- C:\Windows\System32\RaCoInst.dll [2012.01.14 12:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.01.14 12:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping [2012.01.14 12:32:43 | 000,972,160 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys [2012.01.14 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Naractis\AppData\Local\cFos [2012.01.14 12:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos [2012.01.14 12:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.01.08 18:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden [2012.01.08 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden [2012.01.08 17:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Duden [2012.01.07 17:10:31 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Naractis\Desktop\putty.exe [2012.01.04 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\Naractis\AppData\Local\GoPro [2011.12.26 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2011.12.26 17:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2011.12.26 17:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro [2011.06.15 21:13:05 | 000,219,136 | ---- | C] (TODO: <Company name>) -- C:\Program Files\launcher.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.19 19:27:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.19 19:27:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.19 19:26:06 | 000,698,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.19 19:26:06 | 000,654,276 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2012.01.19 19:26:06 | 000,149,162 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.19 19:26:06 | 000,122,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.19 19:25:25 | 000,000,512 | ---- | M] () -- C:\Users\Naractis\Desktop\MBR.dat [2012.01.19 19:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe [2012.01.19 19:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.19 19:19:25 | 2390,118,400 | -HS- | M] () -- C:\hiberfil.sys [2012.01.19 19:17:20 | 000,000,020 | ---- | M] () -- C:\Users\Naractis\defogger_reenable [2012.01.19 19:16:13 | 000,050,477 | ---- | M] () -- C:\Users\Naractis\Desktop\Defogger.exe [2012.01.19 19:06:55 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Naractis\Desktop\aswMBR.exe [2012.01.19 19:05:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job [2012.01.19 18:49:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job [2012.01.19 16:14:56 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job [2012.01.19 16:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job [2012.01.14 19:35:20 | 000,000,009 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{0CF68E52-0DF1-47E6-80D9-7474EDE5FB02} [2012.01.14 12:30:19 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.01.14 12:07:08 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.01.12 23:30:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNaractis.job [2012.01.10 13:40:47 | 002,548,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.01.07 17:37:00 | 000,000,600 | ---- | M] () -- C:\Users\Naractis\AppData\Local\PUTTY.RND [2012.01.07 
17:10:39 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Naractis\Desktop\putty.exe [2012.01.07 13:51:18 | 000,002,416 | ---- | M] () -- C:\Users\Naractis\Desktop\Google Chrome.lnk [2012.01.04 23:17:30 | 000,007,606 | ---- | M] () -- C:\Users\Naractis\AppData\Local\Resmon.ResmonCfg [2011.12.26 17:02:18 | 000,001,111 | ---- | M] () -- C:\Users\Naractis\Desktop\GoPro CineForm Studio.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.19 19:17:04 | 000,000,020 | ---- | C] () -- C:\Users\Naractis\defogger_reenable [2012.01.19 19:16:12 | 000,050,477 | ---- | C] () -- C:\Users\Naractis\Desktop\Defogger.exe [2012.01.19 19:10:20 | 000,000,512 | ---- | C] () -- C:\Users\Naractis\Desktop\MBR.dat [2012.01.14 19:35:20 | 000,000,009 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{0CF68E52-0DF1-47E6-80D9-7474EDE5FB02} [2012.01.14 19:33:08 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys [2012.01.14 19:33:07 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2012.01.14 12:30:19 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.01.14 12:07:08 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.01.14 12:06:28 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.01.10 18:04:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNaractis.job [2012.01.07 17:15:34 | 000,000,600 | ---- | C] () -- C:\Users\Naractis\AppData\Local\PUTTY.RND [2011.12.26 17:02:18 | 000,001,111 | ---- | C] () -- C:\Users\Naractis\Desktop\GoPro CineForm Studio.lnk [2011.09.17 10:06:02 | 000,007,606 | ---- | C] () -- C:\Users\Naractis\AppData\Local\Resmon.ResmonCfg [2011.06.15 21:13:05 | 000,080,384 | ---- | C] () -- C:\Program Files\phnxdll.dll [2011.06.15 21:12:55 | 003,297,280 | ---- | C] () -- C:\Program Files\phoenixRC.exe [2011.06.02 11:40:00 | 000,080,896 | ---- | 
C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.02 11:37:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.04 16:08:31 | 000,001,849 | ---- | C] () -- C:\Users\Naractis\AppData\Roaming\GhostObjGAFix.xml [2010.10.22 20:21:10 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2010.10.11 19:34:28 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.10.11 19:34:28 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT [2010.09.25 13:18:02 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.09.25 13:17:56 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.09.25 13:17:56 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.08.16 23:10:51 | 000,000,600 | ---- | C] () -- C:\Users\Naractis\AppData\Roaming\winscp.rnd [2010.08.02 05:14:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.23 18:44:51 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN [2010.07.23 18:44:51 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AP6RMKV.BIN [2010.07.23 18:44:51 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN [2010.07.23 18:44:51 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN [2010.07.23 18:44:51 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN [2010.07.23 18:44:51 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN [2009.08.28 10:52:28 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp1ml3.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 09:47:43 | 000,698,998 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,149,162 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- 
C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 002,548,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,654,276 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,122,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll ========== LOP Check ========== [2011.03.08 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\.Kanton ZH [2011.11.26 17:02:43 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\DAEMON Tools Lite [2010.07.23 18:39:51 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\DigitalPersona [2012.01.19 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\Dropbox [2011.11.11 16:41:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\EVEMon [2011.09.17 12:42:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\FileZilla [2010.09.19 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\FreeCommander [2010.08.31 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\NCH Swift Sound [2010.07.18 22:59:23 | 000,000,000 | ---D | M] -- 
C:\Users\Naractis\AppData\Roaming\Static EMail Backup [2011.09.17 12:42:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\TS3Client [2011.05.01 09:24:36 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\TuneUp Software [2012.01.14 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\uTorrent [2012.01.19 16:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job [2012.01.19 19:05:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job [2012.01.14 01:49:56 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software Run date: 2012-01-19 19:07:34 ----------------------------- 19:07:34.376 OS Version: Windows 6.1.7601 Service Pack 1 19:07:34.376 Number of processors: 2 586 0x170A 19:07:34.378 ComputerName: NARACTISBOOK UserName: Naractis 19:07:40.033 Initialize success 19:08:59.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 19:08:59.841 Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 11 19:08:59.872 Disk 0 MBR read successfully 19:08:59.872 Disk 0 MBR scan 19:08:59.872 Disk 0 Windows 7 default MBR code 19:08:59.888 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463559 MB offset 2048 19:08:59.904 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13377 MB offset 949370880 19:08:59.919 Disk 0 scanning sectors +976766976 19:08:59.982 Disk 0 scanning C:\Windows\system32\drivers 19:09:11.229 Service scanning 19:09:12.774 Service MpKsl2cc050e4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D53B79D-CCB8-46B9-B8A4-BAC0FE155330}\MpKsl2cc050e4.sys **LOCKED** 32 19:09:12.774 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 19:09:13.039 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 19:09:13.663 Modules scanning 19:09:41.088 Disk 0 trace - called modules: 19:09:41.119 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x8594a1f8]<< 19:09:41.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683e530] 19:09:41.135 3 CLASSPNP.SYS[8bba059e] -> nt!IofCallDriver -> [0x8683e020] 19:09:41.135 5 hpdskflt.sys[8bb52090] -> nt!IofCallDriver -> [0x86669918] 19:09:41.135 7 ACPI.sys[837ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86714908] 19:09:41.150 \Driver\atapi[0x866fc910] -> IRP_MJ_CREATE -> 0x8594a1f8 19:09:41.166 Scan finished successfully 19:10:20.306 Disk 0 MBR has been saved successfully to "C:\Users\Naractis\Desktop\MBR.dat" 19:10:20.306 The log file has been saved successfully to 
"C:\Users\Naractis\Desktop\aswMBR.txt" aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software Run date: 2012-01-19 19:23:59 ----------------------------- 19:23:59.663 OS Version: Windows 6.1.7601 Service Pack 1 19:23:59.663 Number of processors: 2 586 0x170A 19:23:59.663 ComputerName: NARACTISBOOK UserName: Naractis 19:24:01.004 Initialize success 19:24:07.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 19:24:07.873 Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 11 19:24:07.904 Disk 0 MBR read successfully 19:24:07.904 Disk 0 MBR scan 19:24:07.904 Disk 0 Windows 7 default MBR code 19:24:07.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463559 MB offset 2048 19:24:07.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13377 MB offset 949370880 19:24:07.951 Disk 0 scanning sectors +976766976 19:24:08.045 Disk 0 scanning C:\Windows\system32\drivers 19:24:26.001 Service scanning 19:24:31.273 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 19:24:31.929 Modules scanning 19:25:04.829 Disk 0 trace - called modules: 19:25:04.845 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS PCIIDEX.SYS msahci.sys 19:25:05.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867c3030] 19:25:05.359 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x867be918] 19:25:05.359 5 hpdskflt.sys[8ba02090] -> nt!IofCallDriver -> [0x86718938] 19:25:05.375 7 ACPI.sys[8b4a93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866c6908] 19:25:05.375 Scan finished successfully 19:25:25.249 Disk 0 MBR has been saved successfully to "C:\Users\Naractis\Desktop\MBR.dat" 19:25:25.249 The log file has been saved successfully to "C:\Users\Naractis\Desktop\aswMBR.txt" Code:
================================Nat session table==============================
Slot Prot Internal-IP   :Port  Outgoing-IP    :Port  External-IP    :Port  Idle
================================================================================
  12 UDP 192.168.1.35   :58984 188.155.176.227:17046 194.230.1.39   :53    75
  33 TCP 192.168.1.35   :41145 188.155.176.227:24074 62.75.211.133  :6667  47
  36 TCP 192.168.1.33   :49643 188.155.176.227:24504 193.192.226.164:443   16
  48 TCP 192.168.1.35   :50596 188.155.176.227:24262 199.59.148.139 :443   26
  60 UDP 192.168.1.35   :58158 188.155.176.227:16280 194.230.1.39   :53    25
 130 TCP 192.168.1.33   :49528 188.155.176.227:24283 74.125.232.110 :80    17
 142 TCP 192.168.1.35   :47296 188.155.176.227:16285 173.194.70.84  :443   0
 170 UDP 192.168.1.33   :49483 188.155.176.227:19922 194.230.1.39   :53    154
 173 TCP 192.168.1.33   :49516 188.155.176.227:23823 199.47.217.149 :80    36
 177 UDP 192.168.1.35   :51413 188.155.176.227:29710 213.203.152.155:50227 148
 185 UDP 192.168.1.35   :36879 188.155.176.227:20534 194.230.1.39   :53    90
 196 TCP 192.168.1.35   :43140 188.155.176.227:24144 173.194.35.17  :80    0
 217 UDP 192.168.1.35   :47507 188.155.176.227:24532 194.230.1.39   :53    25
 225 TCP 192.168.1.35   :53194 188.155.176.227:11308 222.94.132.134 :10224 6015
 238 UDP 192.168.1.35   :43710 188.155.176.227:24509 194.230.1.39   :53    90
 282 TCP 192.168.1.33   :49633 188.155.176.227:24489 173.194.35.44  :443   39
 309 TCP 192.168.1.35   :33503 188.155.176.227:24535 173.194.35.18  :80    10
 352 UDP 192.168.1.35   :51413 188.155.176.227:29710 80.108.238.72  :57417 117
 376 UDP 192.168.1.35   :38132 188.155.176.227:24534 194.230.1.39   :53    10
 377 TCP 192.168.1.35   :59933 188.155.176.227:24147 173.194.35.17  :443   4
 425 UDP 192.168.1.35   :51413 188.155.176.227:29710 78.86.125.0    :44098 47
 491 UDP 192.168.1.35   :43651 188.155.176.227:24506 194.230.1.39   :53    112
 496 TCP 192.168.1.35   :52742 188.155.176.227:20078 14.209.219.157 :10439 3826
 516 UDP 192.168.1.33   :50969 188.155.176.227:24493 194.230.1.39   :53    162
 518 UDP 192.168.1.35   :51413 188.155.176.227:29710 94.66.185.79   :28115 165
 532 UDP 192.168.1.33   :60440 188.155.176.227:15189 194.230.1.39   :53    91
 548 UDP 192.168.1.35   :45820 188.155.176.227:21985 194.230.1.39   :53    80
 574 TCP 192.168.1.33   :49548 188.155.176.227:24327 74.125.232.117 :443   14
 612 UDP 192.168.1.35   :49271 188.155.176.227:24526 194.230.1.39   :53    81
 622 TCP 192.168.1.35   :59625 188.155.176.227:12971 84.226.250.159 :22224 8277
 626 TCP 192.168.1.33   :49636 188.155.176.227:24496 173.194.35.49  :443   23
 650 UDP 192.168.1.33   :54361 188.155.176.227:18655 194.95.249.23  :36653 23
 708 UDP 192.168.1.35   :51413 188.155.176.227:29710 190.195.13.184 :56963 129
 721 UDP 192.168.1.35   :47947 188.155.176.227:19647 194.230.1.39   :53    112
 729 TCP 192.168.1.35   :56985 188.155.176.227:24098 75.126.76.138  :80    9
 753 UDP 192.168.1.33   :54157 188.155.176.227:24505 194.230.1.39   :53    118
 760 UDP 192.168.1.35   :37653 188.155.176.227:23401 194.230.1.39   :53    80
 783 UDP 192.168.1.33   :49839 188.155.176.227:24488 194.230.1.39   :53    172
 852 UDP 192.168.1.35   :42879 188.155.176.227:24533 194.230.1.39   :53    20
 901 UDP 192.168.1.33   :59453 188.155.176.227:24510 194.230.1.39   :53    96
 949 UDP 192.168.1.33   :46327 188.155.176.227:26029 194.95.249.23  :25903 22
 951 UDP 192.168.1.33   :49839 188.155.176.227:24488 194.230.1.103  :53    178
 956 UDP 192.168.1.35   :51413 188.155.176.227:29710 72.179.50.38   :59883 47
 966 UDP 192.168.1.35   :34999 188.155.176.227:24487 194.230.1.39   :53    180
 977 UDP 192.168.1.33   :51975 188.155.176.227:24503 194.230.1.39   :53    162
 982 UDP 192.168.1.35   :50574 188.155.176.227:14167 217.147.223.78 :123   159
1005 UDP 192.168.1.35   :51413 188.155.176.227:29710 89.113.24.25   :35691 105
1011 TCP 192.168.1.35   :50597 188.155.176.227:12340 199.59.148.139 :443   25
1049 UDP 192.168.1.35   :51413 188.155.176.227:29710 24.82.162.176  :45376 104
1075 UDP 192.168.1.33   :56266 188.155.176.227:24495 194.230.1.39   :53    167
1083 UDP 192.168.1.33   :65409 188.155.176.227:18797 94.245.121.251 :3544  0
1115 TCP 192.168.1.35   :60445 188.155.176.227:16242 95.100.255.178 :80    35
1129 UDP 192.168.1.35   :34977 188.155.176.227:24490 194.230.1.103  :53    175
1152 UDP 192.168.1.35   :51413 188.155.176.227:29710 190.101.73.37  :34433 104
1173 UDP 192.168.1.35   :51413 188.155.176.227:29710 90.30.222.207  :34762 147
1200 TCP 192.168.1.33   :49529 188.155.176.227:24285 178.236.5.51   :80    162
1209 TCP 192.168.1.35   :41657 188.155.176.227:22662 173.194.70.125 :5222  12
1214 UDP 192.168.1.35   :43288 188.155.176.227:24491 194.230.1.39   :53    180
1215 UDP 192.168.1.33   :49874 188.155.176.227:24513 194.230.1.39   :53    101
1234 UDP 192.168.1.33   :61444 188.155.176.227:15660 194.230.1.39   :53    101
================================Summary information=============================
Used: 60, Total: 8000
Thanks for your efforts! |
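Something that helps read a dump like the one above, as an added example for this thread (not code from the original post or from the router vendor): a small Python script that parses the Zyxel session table and reports how many slots each internal host and protocol holds, which internal port is fanning out to many distinct peers, and which sessions have sat idle for a long time. The rows in SAMPLE_TABLE are an excerpt copied from the table above; the function names and the 3-peer and 3600-second thresholds are the example's own choices.

```python
"""Summarise a Zyxel "Nat session table" dump: which internal host, protocol
and source port are consuming the per-host session limit.

Added example for this thread, not code from the original post or from the
router vendor. Input column layout (as posted):
    Slot Prot Internal-IP:Port Outgoing-IP:Port External-IP:Port Idle
The router prints ports as " :Port" with optional blanks before the colon.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class NatSession:
    slot: int
    proto: str
    int_ip: str    # LAN host
    int_port: int  # LAN-side source port
    ext_ip: str    # remote peer
    ext_port: int
    idle: int      # seconds since the router last saw a packet


_IP_PORT = r"(\d{1,3}(?:\.\d{1,3}){3})\s*:\s*(\d+)"
_ROW = re.compile(r"^\s*(\d+)\s+(TCP|UDP)\s+" + _IP_PORT + r"\s+" + _IP_PORT
                  + r"\s+" + _IP_PORT + r"\s+(\d+)\s*$")


def parse_nat_table(text):
    """One NatSession per data row; header, separator and summary lines do
    not match the row pattern and are skipped. The WAN-side (Outgoing) pair
    is matched but not kept."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            rows.append(NatSession(int(m[1]), m[2], m[3], int(m[4]),
                                   m[7], int(m[8]), int(m[9])))
    return rows


def sessions_per_host(sessions):
    """Slots in use per (internal IP, protocol), to compare against the
    router's per-host session limit."""
    return Counter((s.int_ip, s.proto) for s in sessions)


def fan_out(sessions, min_peers=3):
    """(internal IP, proto, port) tuples talking to >= min_peers distinct
    remote endpoints. One UDP source port reaching many peers on random high
    ports is what a BitTorrent DHT/uTP client, STUN-style hole punching or a
    P2P bot looks like from the router: each peer holds one slot until the
    UDP idle timer expires."""
    peers = defaultdict(set)
    for s in sessions:
        peers[(s.int_ip, s.proto, s.int_port)].add((s.ext_ip, s.ext_port))
    return {key: len(v) for key, v in peers.items() if len(v) >= min_peers}


def long_idle(sessions, threshold=3600):
    """Sessions idle >= threshold seconds. TCP flows that died without a
    FIN/RST sit in the table until the router's TCP timeout, eating slots
    long after the application is gone."""
    return [s for s in sessions if s.idle >= threshold]


# Excerpt copied from the session table posted above (18 of its 60 rows).
SAMPLE_TABLE = """\
================================Nat session table==============================
Slot Prot Internal-IP :Port Outgoing-IP :Port External-IP :Port Idle
================================================================================
  12 UDP 192.168.1.35 :58984 188.155.176.227:17046 194.230.1.39   :53    75
  33 TCP 192.168.1.35 :41145 188.155.176.227:24074 62.75.211.133  :6667  47
  36 TCP 192.168.1.33 :49643 188.155.176.227:24504 193.192.226.164:443   16
 170 UDP 192.168.1.33 :49483 188.155.176.227:19922 194.230.1.39   :53    154
 177 UDP 192.168.1.35 :51413 188.155.176.227:29710 213.203.152.155:50227 148
 225 TCP 192.168.1.35 :53194 188.155.176.227:11308 222.94.132.134 :10224 6015
 352 UDP 192.168.1.35 :51413 188.155.176.227:29710 80.108.238.72  :57417 117
 425 UDP 192.168.1.35 :51413 188.155.176.227:29710 78.86.125.0    :44098 47
 496 TCP 192.168.1.35 :52742 188.155.176.227:20078 14.209.219.157 :10439 3826
 518 UDP 192.168.1.35 :51413 188.155.176.227:29710 94.66.185.79   :28115 165
 622 TCP 192.168.1.35 :59625 188.155.176.227:12971 84.226.250.159 :22224 8277
 708 UDP 192.168.1.35 :51413 188.155.176.227:29710 190.195.13.184 :56963 129
 783 UDP 192.168.1.33 :49839 188.155.176.227:24488 194.230.1.39   :53    172
 951 UDP 192.168.1.33 :49839 188.155.176.227:24488 194.230.1.103  :53    178
 956 UDP 192.168.1.35 :51413 188.155.176.227:29710 72.179.50.38   :59883 47
1005 UDP 192.168.1.35 :51413 188.155.176.227:29710 89.113.24.25   :35691 105
1083 UDP 192.168.1.33 :65409 188.155.176.227:18797 94.245.121.251 :3544  0
1209 TCP 192.168.1.35 :41657 188.155.176.227:22662 173.194.70.125 :5222  12
"""


def report(text=SAMPLE_TABLE):
    """Everything a reader of the dump wants in one dict; feed it the full
    table text instead of the excerpt to analyse the whole router dump."""
    sessions = parse_nat_table(text)
    return {"per_host": dict(sessions_per_host(sessions)),
            "fan_out": fan_out(sessions),
            "long_idle": [(s.slot, s.ext_ip, s.ext_port, s.idle)
                          for s in long_idle(sessions)]}


if __name__ == "__main__":
    from pprint import pprint
    pprint(report())
```

Run over the full 60-row table this reports 192.168.1.35 UDP port 51413 open to ten different peers on random high ports (the pattern of a BitTorrent DHT/uTP client or of any other UDP hole-punching software) and three TCP sessions from 192.168.1.35 idle for over an hour, which the router keeps until its TCP timeout fires. The entries for 192.168.1.33 are mostly DNS lookups to the DHCP-assigned resolvers, HTTPS, and one Teredo session to UDP 3544. As a side hint about which host is which: the source ports of 192.168.1.33 are nearly all 49152 or above, the dynamic range Windows Vista and later use, while 192.168.1.35 spreads across 32768-60999, the Linux default; treat that as a heuristic, since an application can bind any port it likes. The next step is to match the internal ports of the offending host against a process listing taken at the same moment (netstat -ano or TCPView on Windows).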
23.01.2012, 13:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unusually many NAT connections Could it be that some file-sharing tool is running in the background on your machine? uTorrent is installed, as I can see from the log
|
23.01.2012, 19:42 | #3 |
| Unusually many NAT connections Hi Cosinus,
No, no file-sharing programs are running - otherwise the many connections would clearly be attributable to uTorrent... So that can't be it. I also ran the standard ESET scan: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2699bb5b98ed8044bf6e1ab7b6477732
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 10:43:28
# local_time=2012-01-19 11:43:28 (+0100, Central European Time)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 11260 63541680 90859 0
# compatibility_mode=5893 16776574 100 94 469072 78636015 0 0
# compatibility_mode=8192 67108863 100 0 3733 3733 0 0
# scanned=258409
# found=2
# cleaned=0
# scan_time=8184
C:\Users\Naractis\Downloads\SoftonicDownloader_fuer_artmoney.exe  a variant of Win32/SoftonicDownloader.A application (unable to clean)  00000000000000000000000000000000  I
C:\Users\Naractis\Downloads\SoftonicDownloader_para_cheat-o-matic.exe  a variant of Win32/SoftonicDownloader.A application (unable to clean)  00000000000000000000000000000000  I
Regards Nara |
23.01.2012, 21:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unusually many NAT connections Hm, I must have missed that in your first post, but uTorrent jumped right out at me... Have you run Malwarebytes yet? If so, post the log; if not, run a full scan. Have a look with something like tcpview, that may let you pin down a process as the source of the connections
__________________ Please always post logfiles in CODE tags |
24.01.2012, 13:25 | #5 |
| Unusually many NAT connections Here is the Malwarebytes log: Code:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Naractis :: NARACTISBOOK [Administrator]

Protection: Enabled

23.01.2012 22:34:37
mbam-log-2012-01-23 (22-34-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435301
Time elapsed: 4 hour(s), 17 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\phnxdll.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)

And here are 2 logs from TCPView. I don't know what is "normal", though, e.g. whether svchost makes an unusually large number of connections... Code:
ATTFilter [System Process] 0 TCP Naractisbook wsd localhost 49523 TIME_WAIT AppleMobileDeviceService.exe 1560 TCP Naractisbook 27015 Naractisbook 0 LISTENING AppleMobileDeviceService.exe 1560 TCP Naractisbook 49156 localhost 5354 ESTABLISHED AppleMobileDeviceService.exe 1560 UDP Naractisbook 54524 * * AppleMobileDeviceService.exe 1560 UDP Naractisbook 54525 * * chrome.exe 4988 TCP naractisbook 49513 fa-in-f138.1e100.net http ESTABLISHED chrome.exe 4988 TCP naractisbook 49514 fa-in-f138.1e100.net http ESTABLISHED 3 2'598 3 1'125 chrome.exe 4988 TCP naractisbook 49515 178.236.4.41 http ESTABLISHED 1 447 1 159 chrome.exe 4988 TCP naractisbook 49518 fa-in-f154.1e100.net http ESTABLISHED chrome.exe 4988 TCP naractisbook 49520 193.192.226.155 https ESTABLISHED 1 37 2 387 chrome.exe 4988 TCP naractisbook 49521 www.digitec.ch http ESTABLISHED 1 924 1 435 Dropbox.exe 3016 TCP Naractisbook 17500 Naractisbook 0 LISTENING 120 13'320 120 13'320 Dropbox.exe 3016 TCP Naractisbook 19872 localhost 49165 ESTABLISHED Dropbox.exe 3016 TCP Naractisbook 49165 localhost 19872 ESTABLISHED Dropbox.exe 3016 TCP naractisbook 49169 sjc-not10.sjc.dropbox.com http ESTABLISHED 10 1'910 10 1'790 Dropbox.exe 3016 UDP Naractisbook 17500 * * lsass.exe 580 TCP Naractisbook 49155 Naractisbook 0 LISTENING lsass.exe 580 TCPV6 naractisbook 49155 naractisbook 0 LISTENING mDNSResponder.exe 1628 TCP Naractisbook 5354 Naractisbook 0 LISTENING mDNSResponder.exe 1628 TCP Naractisbook 5354 localhost 49156 ESTABLISHED mDNSResponder.exe 1628 UDP naractisbook 5353 * * 1 42 2 84 mDNSResponder.exe 1628 UDP Naractisbook 54526 * * mDNSResponder.exe 1628 UDPV6 [0:0:0:0:0:0:0:1] 5353 * * mDNSResponder.exe 1628 UDPV6 naractisbook 54527 * * PnkBstrA.exe 2172 UDP Naractisbook 44301 * * services.exe 564 TCP Naractisbook 49158 Naractisbook 0 LISTENING services.exe 564 TCPV6 naractisbook 49158 naractisbook 0 LISTENING sidebar.exe 2220 UDP Naractisbook 61756 * * spd.exe 252 UDP Naractisbook 889 * * 46 65'320 46 65'320 spd.exe 
252 UDP Naractisbook 50095 * * 34 spoolsv.exe 1948 TCP Naractisbook 49157 Naractisbook 0 LISTENING spoolsv.exe 1948 TCPV6 naractisbook 49157 naractisbook 0 LISTENING svchost.exe 860 TCP Naractisbook epmap Naractisbook 0 LISTENING svchost.exe 2916 TCP Naractisbook ftps Naractisbook 0 LISTENING svchost.exe 2916 TCP Naractisbook dccm Naractisbook 0 LISTENING svchost.exe 2916 TCP Naractisbook 7438 Naractisbook 0 LISTENING svchost.exe 1000 TCP Naractisbook 49153 Naractisbook 0 LISTENING svchost.exe 1192 TCP Naractisbook 49154 Naractisbook 0 LISTENING svchost.exe 524 UDP Naractisbook ssdp * * 39 18'372 646 116'732 svchost.exe 524 UDP naractisbook ssdp * * 2 292 svchost.exe 1192 UDP Naractisbook teredo * * svchost.exe 1456 UDP Naractisbook ws-discovery * * 8 4'992 svchost.exe 524 UDP Naractisbook ws-discovery * * 2 2'450 4 2'496 svchost.exe 1456 UDP Naractisbook ws-discovery * * svchost.exe 524 UDP Naractisbook ws-discovery * * svchost.exe 1820 UDP Naractisbook llmnr * * 18 424 svchost.exe 524 UDP naractisbook 50178 * * 30 3'870 svchost.exe 524 UDP Naractisbook 50179 * * 30 3'870 3 1'176 svchost.exe 1456 UDP Naractisbook 52659 * * svchost.exe 1456 UDP Naractisbook 62382 * * 4 2'496 2 2'450 svchost.exe 524 UDP Naractisbook 62467 * * svchost.exe 1192 UDP naractisbook 62933 * * 23 1'361 15 1'635 svchost.exe 860 TCPV6 naractisbook epmap naractisbook 0 LISTENING svchost.exe 2916 TCPV6 naractisbook ftps naractisbook 0 LISTENING svchost.exe 5328 TCPV6 naractisbook 3587 naractisbook 0 LISTENING svchost.exe 2916 TCPV6 [0:0:0:0:0:0:0:1] dccm naractisbook 0 LISTENING svchost.exe 1000 TCPV6 naractisbook 49153 naractisbook 0 LISTENING svchost.exe 1192 TCPV6 naractisbook 49154 naractisbook 0 LISTENING svchost.exe 524 UDPV6 [0:0:0:0:0:0:0:1] 1900 * * svchost.exe 524 UDPV6 naractisbook 1900 * * svchost.exe 5328 UDPV6 naractisbook 3540 * * 200 176'920 svchost.exe 524 UDPV6 naractisbook 3702 * * svchost.exe 1456 UDPV6 naractisbook 3702 * * svchost.exe 1456 UDPV6 naractisbook 3702 * * 
svchost.exe 524 UDPV6 naractisbook 3702 * * svchost.exe 1820 UDPV6 naractisbook 5355 * * svchost.exe 524 UDPV6 naractisbook 50176 * * svchost.exe 524 UDPV6 [0:0:0:0:0:0:0:1] 50177 * * 360 134'016 744 2 svchost.exe 1456 UDPV6 naractisbook 52660 * * svchost.exe 1456 UDPV6 naractisbook 62383 * * svchost.exe 524 UDPV6 naractisbook 62468 * * svchost.exe 1000 UDP Naractisbook bootpc * * 8 2'400 1 300 svchost.exe 1456 TCPV6 [0:0:0:0:0:0:0:1] 49522 [0:0:0:0:0:0:0:1] icslap ESTABLISHED 1 229 5 5'885 System 4 TCP naractisbook netbios-ssn Naractisbook 0 LISTENING System 4 TCP Naractisbook microsoft-ds Naractisbook 0 LISTENING System 4 TCP Naractisbook icslap Naractisbook 0 LISTENING System 4 TCP Naractisbook wsd Naractisbook 0 LISTENING System 4 TCP Naractisbook 10243 Naractisbook 0 LISTENING System 4 UDP naractisbook netbios-ns * * 91 4'550 28 1'400 System 4 UDP naractisbook netbios-dgm * * 4 828 4 828 System 4 TCPV6 naractisbook microsoft-ds naractisbook 0 LISTENING System 4 TCPV6 naractisbook icslap naractisbook 0 LISTENING System 4 TCPV6 naractisbook wsd naractisbook 0 LISTENING System 4 TCPV6 naractisbook 10243 naractisbook 0 LISTENING System 4 TCPV6 [0:0:0:0:0:0:0:1] icslap [0:0:0:0:0:0:0:1] 49522 ESTABLISHED 2 5'885 1 229 wininit.exe 508 TCP Naractisbook 49152 Naractisbook 0 LISTENING wininit.exe 508 TCPV6 naractisbook 49152 naractisbook 0 LISTENING wmpnetwk.exe 2768 TCP Naractisbook rtsp Naractisbook 0 LISTENING wmpnetwk.exe 2768 UDP Naractisbook 5004 * * wmpnetwk.exe 2768 UDP Naractisbook 5005 * * wmpnetwk.exe 2768 TCPV6 naractisbook rtsp naractisbook 0 LISTENING wmpnetwk.exe 2768 UDPV6 naractisbook 5004 * * wmpnetwk.exe 2768 UDPV6 naractisbook 5005 * * Code:
ATTFilter [System Process] 0 TCP naractisbook 49527 www-11-05-prn1.facebook.com http TIME_WAIT [System Process] 0 TCP naractisbook 49531 194.230.42.146 http TIME_WAIT [System Process] 0 TCP naractisbook 49645 194.126.200.44 http TIME_WAIT [System Process] 0 TCP naractisbook 49664 194.126.200.44 http TIME_WAIT [System Process] 0 TCP naractisbook 49540 bru01m01-in-f95.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49554 fa-in-f101.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49555 fa-in-f101.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49556 fa-in-f101.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49557 fa-in-f101.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49559 63.131.144.202 http TIME_WAIT [System Process] 0 TCP naractisbook 49571 194.230.42.136 http TIME_WAIT [System Process] 0 TCP naractisbook 49572 194.230.42.136 http TIME_WAIT [System Process] 0 TCP naractisbook 49592 217.192.14.19 http TIME_WAIT [System Process] 0 TCP naractisbook 49595 2.16.13.55 http TIME_WAIT [System Process] 0 TCP naractisbook 49596 2.16.13.55 http TIME_WAIT [System Process] 0 TCP Naractisbook wsd localhost 49680 TIME_WAIT [System Process] 0 TCP naractisbook 49638 bru01m01-in-f95.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49639 63.131.144.202 http TIME_WAIT [System Process] 0 TCP naractisbook 49640 63.131.144.202 http TIME_WAIT [System Process] 0 TCP naractisbook 49646 fa-in-f154.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49647 fa-in-f154.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49648 fa-in-f154.1e100.net http TIME_WAIT [System Process] 0 TCP naractisbook 49649 fa-in-f154.1e100.net http TIME_WAIT AppleMobileDeviceService.exe 1560 TCP Naractisbook 27015 Naractisbook 0 LISTENING AppleMobileDeviceService.exe 1560 TCP Naractisbook 49156 localhost 5354 ESTABLISHED AppleMobileDeviceService.exe 1560 UDP Naractisbook 54524 * * AppleMobileDeviceService.exe 1560 UDP 
Naractisbook 54525 * * chrome.exe 4988 TCP naractisbook 49515 178.236.4.41 http ESTABLISHED 3 1'341 3 477 chrome.exe 4988 TCP naractisbook 49526 www-11-05-prn1.facebook.com http ESTABLISHED 2 1'476 10 18'146 chrome.exe 4988 TCP naractisbook 49528 194.230.42.152 http ESTABLISHED 3 1'595 4 1'058 chrome.exe 4988 TCP naractisbook 49529 194.230.42.152 http ESTABLISHED 2 949 3 816 chrome.exe 4988 TCP naractisbook 49530 194.230.42.152 http ESTABLISHED 2 950 3 779 chrome.exe 4988 TCP naractisbook 49532 www.digitec.ch http ESTABLISHED 12 10'728 14 5'669 chrome.exe 4988 TCP naractisbook 49533 www.digitec.ch http ESTABLISHED 5 4'541 5 788 chrome.exe 4988 TCP naractisbook 49534 www.digitec.ch http ESTABLISHED 4 3'549 7 5'787 chrome.exe 4988 TCP naractisbook 49535 www.digitec.ch http ESTABLISHED 1 909 1 92 chrome.exe 4988 TCP naractisbook 49536 www.digitec.ch http ESTABLISHED 5 4'505 5 624 chrome.exe 4988 TCP naractisbook 49537 www.digitec.ch http ESTABLISHED 5 4'391 8 7'357 chrome.exe 4988 TCP naractisbook 49538 bru01m01-in-f95.1e100.net http ESTABLISHED 3 1'626 3 408 chrome.exe 4988 TCP naractisbook 49539 bru01m01-in-f95.1e100.net http ESTABLISHED 3 1'629 3 408 chrome.exe 4988 TCP naractisbook 49541 www.digitec.ch http ESTABLISHED 2 1'686 2 862 chrome.exe 4988 TCP naractisbook 49542 www.digitec.ch http ESTABLISHED 2 1'695 2 880 chrome.exe 4988 TCP naractisbook 49543 www.digitec.ch http ESTABLISHED 1 906 1 421 chrome.exe 4988 TCP naractisbook 49544 www.digitec.ch http ESTABLISHED 1 903 1 439 chrome.exe 4988 TCP naractisbook 49545 www.digitec.ch http ESTABLISHED 1 899 1 431 chrome.exe 4988 TCP naractisbook 49546 www.digitec.ch http ESTABLISHED 1 902 1 437 chrome.exe 4988 TCP naractisbook 49547 www.digitec.ch https ESTABLISHED 3 2'282 3 325 chrome.exe 4988 TCP naractisbook 49548 www.digitec.ch https ESTABLISHED 3 2'282 5 1'068 chrome.exe 4988 TCP naractisbook 49549 www.digitec.ch https ESTABLISHED 3 2'266 6 3'784 chrome.exe 4988 TCP naractisbook 49550 www.digitec.ch https 
ESTABLISHED 2 1'296 5 3'651 chrome.exe 4988 TCP naractisbook 49551 www.digitec.ch https ESTABLISHED 2 1'296 5 3'651 chrome.exe 4988 TCP naractisbook 49552 www.digitec.ch https ESTABLISHED 2 1'296 5 2'271 chrome.exe 4988 TCP naractisbook 49553 fa-in-f101.1e100.net http ESTABLISHED 13 11'035 13 4'634 chrome.exe 4988 TCP naractisbook 49558 63.131.144.202 http ESTABLISHED 2 1'199 3 2'642 chrome.exe 4988 TCP naractisbook 49562 77-59-236-55.static.cablecom.ch https ESTABLISHED 1 582 1 59 chrome.exe 4988 TCP naractisbook 49564 lb160.pars.cotendo.net http ESTABLISHED 18 17'201 29 44'181 chrome.exe 4988 TCP naractisbook 49565 lb160.pars.cotendo.net http ESTABLISHED 14 14'162 16 8'056 chrome.exe 4988 TCP naractisbook 49566 lb160.pars.cotendo.net http ESTABLISHED 11 11'189 23 33'753 chrome.exe 4988 TCP naractisbook 49567 lb160.pars.cotendo.net http ESTABLISHED 13 13'295 15 6'137 chrome.exe 4988 TCP naractisbook 49568 lb160.pars.cotendo.net http ESTABLISHED 10 10'250 10 3'401 chrome.exe 4988 TCP naractisbook 49569 lb160.pars.cotendo.net http ESTABLISHED 11 11'355 11 3'753 chrome.exe 4988 TCP naractisbook 49570 194.230.42.136 http ESTABLISHED 2 1'092 2 508 chrome.exe 4988 TCP naractisbook 49573 fa-in-f155.1e100.net http ESTABLISHED 1 524 1 134 chrome.exe 4988 TCP naractisbook 49574 194.230.42.162 http ESTABLISHED 2 1'092 2 508 chrome.exe 4988 TCP naractisbook 49575 194.230.42.162 http ESTABLISHED 1 546 1 254 chrome.exe 4988 TCP naractisbook 49578 www2.vbs.admin.ch http ESTABLISHED 2 922 2 2'538 chrome.exe 4988 TCP naractisbook 49579 wwwa2.vbs.admin.ch http ESTABLISHED 5 2'782 26 157'210 chrome.exe 4988 TCP naractisbook 49580 wwwa2.vbs.admin.ch http ESTABLISHED 1 547 9 36'114 chrome.exe 4988 TCP naractisbook 49581 wwwa2.vbs.admin.ch http ESTABLISHED 2 1'097 16 31'464 chrome.exe 4988 TCP naractisbook 49594 63.131.144.202 https ESTABLISHED 2 925 23 23'973 chrome.exe 4988 TCP naractisbook 49603 192.168.1.1 http ESTABLISHED 3 1'300 12 15'073 chrome.exe 4988 TCP naractisbook 49604 
192.168.1.1 http ESTABLISHED 1 455 1 86 chrome.exe 4988 TCP naractisbook 49605 192.168.1.1 http ESTABLISHED 1 460 1 86 chrome.exe 4988 TCP naractisbook 49606 ec2-184-72-108-160.compute-1.amazonaws.com https ESTABLISHED 2 515 3 1'374 chrome.exe 4988 TCP naractisbook 49607 mil01s16-in-f16.1e100.net https ESTABLISHED 2 465 2 198 chrome.exe 4988 TCP naractisbook 49608 fa-in-f84.1e100.net https ESTABLISHED 4 1'099 19 14'090 chrome.exe 4988 TCP naractisbook 49609 fa-in-f113.1e100.net https ESTABLISHED 2 3'220 7 3'008 chrome.exe 4988 TCP naractisbook 49610 fa-in-f120.1e100.net https ESTABLISHED 8 1'331 13 788 chrome.exe 4988 TCP naractisbook 49611 192.168.1.1 http ESTABLISHED 2 791 6 10'678 chrome.exe 4988 TCP naractisbook 49618 194.230.42.162 http ESTABLISHED 1 546 1 254 chrome.exe 4988 TCP naractisbook 49619 194.230.42.154 http ESTABLISHED 2 1'092 2 508 chrome.exe 4988 TCP naractisbook 49621 mil01s16-in-f24.1e100.net http ESTABLISHED 1 780 1 136 chrome.exe 4988 TCP naractisbook 49623 fra07s07-in-f97.1e100.net https ESTABLISHED 5 1'331 5 600 chrome.exe 4988 TCP naractisbook 49629 wwwa2.vbs.admin.ch http ESTABLISHED 2 1'101 2 2'251 chrome.exe 4988 TCP naractisbook 49631 fa-in-f18.1e100.net https ESTABLISHED 4 1'151 8 2'604 chrome.exe 4988 TCP naractisbook 49633 77-59-236-55.static.cablecom.ch https ESTABLISHED 4 2'911 9 7'128 chrome.exe 4988 TCP naractisbook 49634 77-59-236-55.static.cablecom.ch https ESTABLISHED 2 769 7 5'257 chrome.exe 4988 TCP naractisbook 49635 77-59-236-55.static.cablecom.ch https ESTABLISHED 4 2'197 8 5'731 chrome.exe 4988 TCP naractisbook 49636 77-59-236-55.static.cablecom.ch https ESTABLISHED 5 2'927 9 5'864 chrome.exe 4988 TCP naractisbook 49637 77-59-236-55.static.cablecom.ch https ESTABLISHED 4 2'261 9 5'523 chrome.exe 4988 TCP naractisbook 49650 dict-muc.leo.org http ESTABLISHED 5 2'972 11 12'833 chrome.exe 4988 TCP naractisbook 49651 dict-muc.leo.org http ESTABLISHED 2 1'162 7 8'473 chrome.exe 4988 TCP naractisbook 49652 dict-muc.leo.org http 
ESTABLISHED 2 1'155 2 1'800 chrome.exe 4988 TCP naractisbook 49653 dict-muc.leo.org http ESTABLISHED 1 578 1 219 chrome.exe 4988 TCP naractisbook 49654 dict-muc.leo.org http ESTABLISHED 1 580 4 4'087 chrome.exe 4988 TCP naractisbook 49655 dict-muc.leo.org http ESTABLISHED 1 580 1 220 chrome.exe 4988 TCP naractisbook 49678 89.1.11.151 https CLOSE_WAIT 1 27 27 1 Dropbox.exe 3016 TCP Naractisbook 17500 Naractisbook 0 LISTENING 174 19'314 174 19'314 Dropbox.exe 3016 TCP Naractisbook 19872 localhost 49165 ESTABLISHED Dropbox.exe 3016 TCP Naractisbook 49165 localhost 19872 ESTABLISHED Dropbox.exe 3016 TCP naractisbook 49169 sjc-not10.sjc.dropbox.com http ESTABLISHED 15 2'865 15 2'685 Dropbox.exe 3016 UDP Naractisbook 17500 * * lsass.exe 580 TCP Naractisbook 49155 Naractisbook 0 LISTENING lsass.exe 580 TCPV6 naractisbook 49155 naractisbook 0 LISTENING mDNSResponder.exe 1628 TCP Naractisbook 5354 Naractisbook 0 LISTENING mDNSResponder.exe 1628 TCP Naractisbook 5354 localhost 49156 ESTABLISHED mDNSResponder.exe 1628 UDP naractisbook 5353 * * 2 84 4 168 42 84 1 2 mDNSResponder.exe 1628 UDP Naractisbook 54526 * * mDNSResponder.exe 1628 UDPV6 [0:0:0:0:0:0:0:1] 5353 * * mDNSResponder.exe 1628 UDPV6 naractisbook 54527 * * PnkBstrA.exe 2172 UDP Naractisbook 44301 * * services.exe 564 TCP Naractisbook 49158 Naractisbook 0 LISTENING services.exe 564 TCPV6 naractisbook 49158 naractisbook 0 LISTENING sidebar.exe 2220 UDP Naractisbook 61756 * * spd.exe 252 UDP Naractisbook 889 * * 66 93'720 66 93'720 spd.exe 252 UDP Naractisbook 50095 * * 41 spoolsv.exe 1948 TCP Naractisbook 49157 Naractisbook 0 LISTENING spoolsv.exe 1948 TCPV6 naractisbook 49157 naractisbook 0 LISTENING svchost.exe 860 TCP Naractisbook epmap Naractisbook 0 LISTENING svchost.exe 2916 TCP Naractisbook ftps Naractisbook 0 LISTENING svchost.exe 2916 TCP Naractisbook dccm Naractisbook 0 LISTENING svchost.exe 2916 TCP Naractisbook 7438 Naractisbook 0 LISTENING svchost.exe 1000 TCP Naractisbook 49153 Naractisbook 0 
LISTENING svchost.exe 1192 TCP Naractisbook 49154 Naractisbook 0 LISTENING svchost.exe 524 UDP Naractisbook ssdp * * 81 37'920 988 188'750 438 3 svchost.exe 524 UDP naractisbook ssdp * * 2 292 svchost.exe 1192 UDP Naractisbook teredo * * svchost.exe 1456 UDP Naractisbook ws-discovery * * 24 14'976 svchost.exe 524 UDP Naractisbook ws-discovery * * 6 7'350 12 7'488 svchost.exe 1456 UDP Naractisbook ws-discovery * * svchost.exe 524 UDP Naractisbook ws-discovery * * svchost.exe 1820 UDP Naractisbook llmnr * * 28 700 svchost.exe 524 UDP naractisbook 50178 * * 39 4'839 svchost.exe 524 UDP Naractisbook 50179 * * 39 4'839 9 3'528 svchost.exe 1456 UDP Naractisbook 52659 * * svchost.exe 1456 UDP Naractisbook 62382 * * 12 7'488 6 7'350 svchost.exe 524 UDP Naractisbook 62467 * * svchost.exe 1192 UDP naractisbook 62933 * * 30 1'788 22 2'398 svchost.exe 860 TCPV6 naractisbook epmap naractisbook 0 LISTENING svchost.exe 2916 TCPV6 naractisbook ftps naractisbook 0 LISTENING svchost.exe 5328 TCPV6 naractisbook 3587 naractisbook 0 LISTENING svchost.exe 2916 TCPV6 [0:0:0:0:0:0:0:1] dccm naractisbook 0 LISTENING svchost.exe 1000 TCPV6 naractisbook 49153 naractisbook 0 LISTENING svchost.exe 1192 TCPV6 naractisbook 49154 naractisbook 0 LISTENING svchost.exe 524 UDPV6 [0:0:0:0:0:0:0:1] 1900 * * svchost.exe 524 UDPV6 naractisbook 1900 * * svchost.exe 5328 UDPV6 naractisbook 3540 * * 290 256'534 svchost.exe 524 UDPV6 naractisbook 3702 * * svchost.exe 1456 UDPV6 naractisbook 3702 * * svchost.exe 1456 UDPV6 naractisbook 3702 * * svchost.exe 524 UDPV6 naractisbook 3702 * * svchost.exe 1820 UDPV6 naractisbook 5355 * * svchost.exe 524 UDPV6 naractisbook 50176 * * svchost.exe 524 UDPV6 [0:0:0:0:0:0:0:1] 50177 * * 526 195'960 svchost.exe 1456 UDPV6 naractisbook 52660 * * svchost.exe 1456 UDPV6 naractisbook 62383 * * svchost.exe 524 UDPV6 naractisbook 62468 * * svchost.exe 1456 TCPV6 [0:0:0:0:0:0:0:1] 49679 [0:0:0:0:0:0:0:1] icslap ESTABLISHED 1 229 5 5'885 System 4 TCP naractisbook netbios-ssn 
Naractisbook 0 LISTENING System 4 TCP Naractisbook microsoft-ds Naractisbook 0 LISTENING System 4 TCP Naractisbook icslap Naractisbook 0 LISTENING System 4 TCP Naractisbook wsd Naractisbook 0 LISTENING System 4 TCP Naractisbook 10243 Naractisbook 0 LISTENING System 4 UDP naractisbook netbios-ns * * 128 6'400 40 2'000 50 1 System 4 UDP naractisbook netbios-dgm * * 5 1'029 5 1'029 System 4 TCPV6 naractisbook microsoft-ds naractisbook 0 LISTENING System 4 TCPV6 naractisbook icslap naractisbook 0 LISTENING System 4 TCPV6 naractisbook wsd naractisbook 0 LISTENING System 4 TCPV6 naractisbook 10243 naractisbook 0 LISTENING System 4 TCPV6 [0:0:0:0:0:0:0:1] icslap [0:0:0:0:0:0:0:1] 49679 ESTABLISHED 2 5'885 1 229 wininit.exe 508 TCP Naractisbook 49152 Naractisbook 0 LISTENING wininit.exe 508 TCPV6 naractisbook 49152 naractisbook 0 LISTENING wmpnetwk.exe 2768 TCP Naractisbook rtsp Naractisbook 0 LISTENING wmpnetwk.exe 2768 UDP Naractisbook 5004 * * wmpnetwk.exe 2768 UDP Naractisbook 5005 * * wmpnetwk.exe 2768 TCPV6 naractisbook rtsp naractisbook 0 LISTENING wmpnetwk.exe 2768 UDPV6 naractisbook 5004 * * wmpnetwk.exe 2768 UDPV6 naractisbook 5005 * *
After that it gradually cleans up the connections until they level off at around 90 (upper log). One explanation would be: the router deletes the stale connections in the NAT table too slowly -> this causes the table to overflow. However: the other computers are also surfing with the Chrome browser, and they don't have the problem... Thank you very much for taking such an interest in my problem! Kind regards, Nara |
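One way to check which process is actually holding the sessions, as an added example that is not code from this thread or from any of the tools mentioned in it: the script below parses records in the layout of the posted dump (process, PID, protocol, local endpoint, remote endpoint, optional TCP state, traffic counters), counts them per process and per state, and separately counts the records that would occupy a session slot on a NAT router, i.e. outbound sessions to external addresses, including those still lingering in TIME_WAIT. The sample lines are constructed to mimic the posted output; the 1024-session limit is the router default quoted earlier in the thread, and the "private address means no NAT entry" rule is an assumption of this example.

```python
"""Count connections per process and per state in a TCPView-style dump and
estimate how many of them occupy a session slot on a NAT router.

Added example for this thread; not code from the poster or from TCPView/OTL.
Assumed record layout (as in the posted dump):
  process  pid  proto  local_host  local_port  remote_host  remote_port  [state]  [counters ...]
UDP records show "* *" instead of a remote endpoint and carry no state.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

PROTOCOLS = {"TCP", "UDP", "TCPV6", "UDPV6"}
TCP_STATES = {"LISTENING", "ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT", "SYN_SENT",
              "FIN_WAIT1", "FIN_WAIT2", "LAST_ACK", "CLOSING"}

# Constructed sample, one record per line, mimicking the posted output.
SAMPLE_DUMP = """\
chrome.exe 4988 TCP naractisbook 49526 www-11-05-prn1.facebook.com http ESTABLISHED 2 1'476 10 18'146
chrome.exe 4988 TCP naractisbook 49532 www.digitec.ch http ESTABLISHED 12 10'728 14 5'669
chrome.exe 4988 TCP naractisbook 49603 192.168.1.1 http ESTABLISHED 3 1'300 12 15'073
[System Process] 0 TCP naractisbook 49527 www-11-05-prn1.facebook.com http TIME_WAIT
[System Process] 0 TCP naractisbook 49554 fa-in-f101.1e100.net http TIME_WAIT
[System Process] 0 TCP Naractisbook wsd localhost 49680 TIME_WAIT
Dropbox.exe 3016 TCP Naractisbook 17500 Naractisbook 0 LISTENING 174 19'314 174 19'314
Dropbox.exe 3016 TCP naractisbook 49169 sjc-not10.sjc.dropbox.com http ESTABLISHED 15 2'865 15 2'685
svchost.exe 524 UDP Naractisbook ssdp * * 81 37'920 988 188'750 438 3
mDNSResponder.exe 1628 TCP Naractisbook 5354 localhost 49156 ESTABLISHED
"""


@dataclass
class Record:
    process: str
    pid: int
    proto: str
    local_host: str
    local_port: str
    remote_host: str
    remote_port: str
    state: Optional[str]  # None for UDP endpoints


def parse_record(line: str) -> Optional[Record]:
    """Parse one record; returns None for lines that do not fit the layout."""
    tokens = line.split()
    # The process name may contain spaces ("[System Process]"), so find the PID
    # as the first all-digit token that is directly followed by a protocol.
    pid_index = next((i for i in range(1, len(tokens) - 1)
                      if tokens[i].isdigit() and tokens[i + 1] in PROTOCOLS), None)
    if pid_index is None:
        return None
    rest = tokens[pid_index + 2:]
    if len(rest) < 4:
        return None
    state = rest[4] if len(rest) > 4 and rest[4] in TCP_STATES else None
    return Record(process=" ".join(tokens[:pid_index]), pid=int(tokens[pid_index]),
                  proto=tokens[pid_index + 1], local_host=rest[0], local_port=rest[1],
                  remote_host=rest[2], remote_port=rest[3], state=state)


def is_local_endpoint(host: str, local_host: str) -> bool:
    """True when the remote side is this machine or the LAN, so no NAT entry is used
    (assumption of this example: private addresses are never translated)."""
    if host in ("*", "localhost", "[0:0:0:0:0:0:0:1]") or host.lower() == local_host.lower():
        return True
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name: assume it is external


def occupies_nat_slot(rec: Record) -> bool:
    """An outbound session to an external endpoint occupies a router session slot;
    TIME_WAIT sessions count too, because the router drops them only on its own timeout."""
    if rec.state == "LISTENING":
        return False
    return not is_local_endpoint(rec.remote_host, rec.local_host)


def summarise(dump: str, session_limit: int = 1024) -> dict:
    """Per-process/state counts plus the NAT-relevant total compared with the
    router's per-host limit (1024 is the default quoted earlier in the thread)."""
    by_process_state = defaultdict(Counter)
    nat_by_process = Counter()
    by_remote = Counter()
    for line in dump.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        by_process_state[rec.process][rec.state or "UDP"] += 1
        if occupies_nat_slot(rec):
            nat_by_process[rec.process] += 1
            by_remote[rec.remote_host] += 1
    total = sum(nat_by_process.values())
    return {
        "by_process_state": {p: dict(c) for p, c in by_process_state.items()},
        "nat_sessions_by_process": dict(nat_by_process),
        "top_remote_hosts": by_remote.most_common(5),
        "nat_sessions_total": total,
        "over_limit": total > session_limit,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_DUMP)
    for process, states in report["by_process_state"].items():
        print(f"{process:20s} {states}")
    print("NAT-relevant sessions:", report["nat_sessions_total"],
          "by process:", report["nat_sessions_by_process"])
    print("busiest remote hosts:", report["top_remote_hosts"])
```

Run against a real dump (one record per line, as TCPView or `netstat -bno` saves it), the per-process column shows whether a browser, a sync client or something unexpected is driving the count, and the TIME_WAIT share shows how much of the total is old sessions waiting for the router's timeout rather than live traffic.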
24.01.2012, 14:01 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unusually many NAT connections Quote: